What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-01-16 11:14:57 | Cybersecurity Experts Cast Doubt on Hackers\' ICS Ransomware Claims (lien direct) | A hacktivist group has made bold claims regarding an attack on an industrial control system (ICS) device, but industry professionals have questioned their claims. | Ransomware Industrial | ★★ | |
 |
2023-01-05 05:50:00 | Focusing on Your Adversary (lien direct) | Every day, we hear news stories or read articles about data breaches and other cyber security threats. As malicious threat actors and the risk of cyber threats increase, protecting networks and valuable information becomes more critical. So what can organizations do to ensure their networks remain secure? Organizations must understand their adversaries’ identities to keep data safe and protect it from cyber-attacks. This article will explore the different types of threats facing enterprise organizations and what they can do to stay ahead of them. Evolving Cyber Attacks Cyber attacks are constantly evolving as attackers continue to find new ways to exploit vulnerabilities. This includes: Increased use of artificial intelligence (AI) and machine learning: Attackers are using AI and machine learning to automate and improve the effectiveness of their attacks. For example, AI can be used to generate convincing phishing emails or to bypass security systems. Rise of ransomware: Ransomware attacks, which involve encrypting a victim’s data and demanding a ransom to decrypt it, have become increasingly common in recent years. Ransomware attacks can significantly impact businesses, disrupting operations and resulting in financial losses. More targeted attacks: Rather than broad-based attacks that aim to compromise as many systems as possible, attackers are increasingly using targeted attacks designed to exploit a particular organization’s vulnerabilities. Increased focus on mobile devices: Mobile devices, such as smartphones and tablets, are becoming increasingly vulnerable to cyber-attacks. As a result, attackers focus more on exploiting these devices’ vulnerabilities. Increased use of cloud services: As more organizations move to the cloud, attackers are finding new ways to exploit vulnerabilities in these systems. For example, attackers may try to gain access to an organization’s cloud-based data or disrupt its cloud-based operations. It’s not only crucial for organizations to stay up-to-date on the latest trends in cyber attacks and to implement appropriate security measures to protect against them. It’s even more important to pinpoint your adversaries to understand their TTPs to protect and predict their next attack. Types of Adversaries There are many different types of cybersecurity adversaries that organizations have to deal with. Some common types of adversaries include: Hackers: Individuals or groups who attempt to gain unauthorized access to systems or networks for various reasons, such as stealing data, disrupting operations, or causing damage. Cybercriminals: Individuals or groups who use the internet to commit crimes, such as identity theft, fraud, or extortion. Cyber Terrorists: A group that’s goal is to disrupt operations, cause harm, and destroy data. Increasingly targeting critical infrastructures such as power plants, water treatment facilities, transportation systems, and healthcare providers. Nation-state actors: Governments or government-sponsored organizations that use cyber attacks as part of their foreign policy or military operations. Insider threats: Individuals with legitimate access to an organization’s systems or networks use that access to cause harm or steal sensitive information. Malicious insiders: These are individuals who are intentionally malicious and seek to cause harm to an organization’s systems or networks. Hacktivists: The term “hacktivists” refers to people who use hacking techniques to disrupt computer systems and networks in pursuit of political goals. Hackers often work alone, though some groups do exist. Script Kiddies: Originally used to describe young hackers, it now refer | Ransomware Malware Tool Vulnerability Threat Industrial Prediction | ★★★ | |
 |
2023-01-05 00:00:00 | Why Data Hygiene is Key to Industrial Cybersecurity (lien direct) | How can highly distributed organizations with complex, integrated supply chains defend against cyber threats? By practicing good data hygiene based on zero-trust principles. | Industrial | ★★ | |
 |
2023-01-03 11:00:00 | Five reasons why Cybersecurity training is important in 2023 (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The digital world is ever-expanding in scope and influence, both in personal and professional matters. In the last few years, business operations have become increasingly dependent on technology, and on employees to use that technology safely. While remote and mobile work have been necessary and useful, they also open the door for cybercriminals to take advantage of lax security measures and employees’ ignorance of best practices. So long as companies are carrying out some or all of their affairs in the digital realm, cybersecurity is easily as important as physical security. As one cybersecurity awareness training guide puts it: “if businesses are to thrive in the Fourth Industrial Revolution, security needs to be not only top of mind, but a fluent language.” Some of the most pressing reasons for cybersecurity training are detailed below. 1. Compliance with regulations There are many areas of business operations which are governed by legal or regulatory oversight to protect against various risks inherent to digital activities. These include HIPAA, which outlines rules regarding private health information, PCI SSC, which seeks to strengthen payment account security, and GDPR, which regulates general data privacy. Complying with these regulations is necessary for several reasons, although the dominant motivator for compliance is that the organizations can and will impose fines on businesses that fail to meet standards. It has often been said that a business is only as strong as its weakest link, and nowhere is this truer than in the world of data security. Any one employee can be a liability when it comes to the practices that an enterprise puts in place to protect consumer data as well as their own. When compliance is mandated and the threat of fines is looming, companies must ensure that all of their employees are properly trained and informed on the regulations in place. 2. Protecting enterprise assets Aside from wanting to avoid fines, however, businesses should still attempt to meet these regulatory standards for their own good. While meeting the bare minimum of compliance standards will keep a company out of hot water with regulatory boards, it will not necessarily protect the company itself. According to one report from IBM, the average cost of a data breach is 4.35 million USD. Ensuring that employees are trained in cybersecurity awareness greatly decreases the risk of a data breach occurring, as well as ensuring that employees know how to respond in the event that there is an attack targeting the company’s data. 3. Protecting consumer data Ostensibly protected by the aforementioned regulatory standards, consumer data is still at a huge risk of being obtained, stolen, or leveraged by cybercriminals. An attack that only targets a company’s internal data is dangerous to the company, but an attack that targets consumer data can have far-reaching consequences that affect thousands or millions of people. The responsibility for password complexity and variation, device and website privacy settings, and the amount of data shared can be at least partially placed upon the consumer’s shoulders. But the company must have its own measures in place as well to protect against attacks on customer data. Thorough and effective cybersecurity awareness training will reduce the chances of employee error l | Data Breach Threat Guideline Industrial Prediction | ★★★ | |
 |
2022-12-26 00:00:00 | CISO\'s Challenges Involved with Business Leader & SOC (lien direct) | Yohei Ishihara, IoT security evangelist at Trend Micro, discussed the challenges CISOs facing within organizations driving industrial IoT. | Industrial Prediction | ★★ | |
 |
2022-12-21 16:46:50 | CLOUD DE CONFIANCE : NOUVEAU DISPOSITIF D\'ACCOMPAGNEMENT VERS L\'OBTENTION DU VISA DE SECURITE SECNUMCLOUD A DESTINATION DE NOS STARTUPS ET PME (lien direct) | Annoncée le 12 septembre 2022, depuis Strasbourg, lors du déplacement de Bruno Le Maire, ministre de l'Économie, des Finances et de la Souveraineté industrielle et numérique et de Jean-Noël Barrot, cette mesure est aujourd'hui mise en oeuvre. | Industrial | ★★★ | |
 |
2022-12-19 16:06:00 | Applying a Zero Trust Mindset to Securing Industrial Control Systems (lien direct) | Learn from multiple CISOs about the zero-trust mindset necessary across OT and IT to secure modern and legacy solutions while supporting remote access and protecting resources within a network boundary. | Industrial | ★★ | |
 |
2022-12-14 02:00:00 | Clear and present danger-report highlights serious cybersecurity issues with US defense contractors (lien direct) | When a company engages in business with a government, especially with the defense sector of that government, one should expect that security surrounding the engagement would be a serious endeavor. A recent report offered up by CyberSheath throws cold water on that assumption-indeed, DEFENSELESS - A statistical report on the state of cybersecurity maturity across the defense industrial base (DIB) should embarrass the sector and begs the question: why are some companies still allowed to do business with the government at all?The CyberSheath report, conducted by Merrill research, surveyed 300 US members of the DIB and judged their results as having a 95% probability of being accurate. Which should give everyone pause, as the results are startling.To read this article in full, please click here | Industrial | ★★★ | |
 |
2022-12-13 22:15:09 | CVE-2022-2660 (lien direct) | Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine. | Industrial | ||
|
2022-12-13 16:15:21 | CVE-2022-33235 (lien direct) | Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | Industrial | ||
|
2022-12-13 16:15:21 | CVE-2022-33268 (lien direct) | Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Industrial | ||
|
2022-12-13 16:15:21 | CVE-2022-33238 (lien direct) | Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | Industrial | ||
|
2022-12-13 16:15:18 | CVE-2022-25682 (lien direct) | Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Industrial | ||
|
2022-12-13 16:15:18 | CVE-2022-25685 (lien direct) | Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | Industrial | ||
|
2022-12-13 16:15:18 | CVE-2022-25702 (lien direct) | Denial of service in modem due to reachable assertion while processing reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | Industrial | ||
|
2022-12-13 16:15:18 | CVE-2022-25695 (lien direct) | Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Industrial | ||
|
2022-12-13 16:15:18 | CVE-2022-25711 (lien direct) | Memory corruption in camera due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | Industrial | ||
|
2022-12-13 16:15:18 | CVE-2022-25692 (lien direct) | Denial of service in Modem due to reachable assertion while processing the common config procedure in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | Industrial | ||
|
2022-12-13 16:15:17 | CVE-2022-25677 (lien direct) | Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | Industrial | ||
|
2022-12-13 16:15:17 | CVE-2022-25681 (lien direct) | Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | Industrial | ||
|
2022-12-13 16:15:17 | CVE-2022-25675 (lien direct) | Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile | Industrial | ||
 |
2022-12-13 07:40:10 | OT Cybersecurity in 2023: Time to Show the Receipts (lien direct) | >There has been public broad realization that operations which tolerate little to no physical downtime-including critical infrastructure, industrial sectors and hyperconnected facilities-are lucrative targets for cyberattacks. A decade ago, intrusion and anomaly detection tools for operational technology (OT) and industrial control systems (ICS) were in their infancy. Today, the market is expanding and maturing in […] | Industrial | ★★★ | |
 |
2022-12-12 16:50:32 | (Déjà vu) 2nd Annual DISC 2022 Capture the Flag (CTF) Event a Success! (lien direct) | >The Dragos Industrial Security Conference (DISC) is an annual event celebrated on November 5th that provides attendees with some of... The post 2nd Annual DISC 2022 Capture the Flag (CTF) Event a Success! first appeared on Dragos. | Industrial | ★★★ | |
|
2022-12-08 15:20:51 | WAFs of Several Major Vendors Bypassed With Generic Attack Method (lien direct) | Researchers at industrial and IoT cybersecurity firm Claroty have identified a generic method for bypassing the web application firewalls (WAFs) of several major vendors. | Industrial | ★★ | |
|
2022-12-07 13:00:00 | Unify IT & OT Cybersecurity for A More Secure, Resilient Industrial Network with Dragos and Cisco (lien direct) | >Cybersecurity is a key component of modernization and regulatory requirements for digital transformation efforts, as cyber threats have become a... The post Unify IT & OT Cybersecurity for A More Secure, Resilient Industrial Network with Dragos and Cisco first appeared on Dragos. | Industrial | ★★★ | |
 |
2022-12-07 08:44:13 | Nokia and GlobalData market research reveals private wireless enterprise drivers and return on investment data (lien direct) | Nokia and GlobalData market research reveals private wireless enterprise drivers and return on investment data • Results from new Nokia and GlobalData survey find cybersecurity and business efficiency are key transformation drivers for early private wireless adopters • Decision makers surveyed at 79 multinationals reveal high confidence in the technology with many having adopted or planning to adopt private wireless networks and industrial edge solutions • Nearly 80 percent of survey respondents expected to achieve ROI within six months of deployment • Benefits of an integrated approach to digitalization are broadly recognized, working with market leaders that offer a wide array of industry solutions - Special Reports | Guideline Industrial | ★★ | |
|
2022-12-05 14:01:54 | Kaspersky prévoit des changements dans le paysage des menaces pour les systèmes de contrôle industriel en 2023 (lien direct) | Les chercheurs de l'ICS CERT de Kaspersky ont partagé leurs prédictions concernant les évolutions et les risques concernant les systèmes de contrôle industriel auxquels les organisations doivent se préparer en 2023. Parmi ces prédictions, les experts de Kaspersky prévoient une augmentation de la surface d'attaque due à la numérisation, des activités d'initiés bénévoles et cybercriminels, des attaques de ransomware ciblant les infrastructures critiques, mais aussi des incidences techniques, économiques et géopolitiques sur les capacités de détection des menaces et l'augmentation des vulnérabilités potentielles exploitées par les agents malveillants. - Points de Vue | Ransomware Industrial | ★★★★ | |
 |
2022-12-02 08:32:00 | CISA Warns of Multiple Critical Vulnerabilities Affecting Mitsubishi Electric PLCs (lien direct) | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week released an Industrial Control Systems (ICS) advisory warning of multiple vulnerabilities in Mitsubishi Electric GX Works3 engineering software. "Successful exploitation of these vulnerabilities could allow unauthorized users to gain access to the MELSEC iQ-R/F/L series CPU modules and the MELSEC iQ-R series OPC UA server | Industrial | ★★ | |
 |
2022-10-11 19:22:42 | Google Pixel 7 and Pixel 7 Pro: The next evolution in mobile security (lien direct) | Dave Kleidermacher, Jesse Seed, Brandon Barbello, Sherif Hanna, Eugene Liderman, Android, Pixel, and Silicon Security Teams Every day, billions of people around the world trust Google products to enrich their lives and provide helpful features – across mobile devices, smart home devices, health and fitness devices, and more. We keep more people safe online than anyone else in the world, with products that are secure by default, private by design and that put you in control. As our advancements in knowledge and computing grow to deliver more help across contexts, locations and languages, our unwavering commitment to protecting your information remains. That's why Pixel phones are designed from the ground up to help protect you and your sensitive data while keeping you in control. We're taking our industry-leading approach to security and privacy to the next level with Google Pixel 7 and Pixel 7 Pro, our most secure and private phones yet, which were recently recognized as the highest rated for security when tested among other smartphones by a third-party global research firm.1 Pixel phones also get better every few months with Feature Drops that provide the latest product updates, tips and tricks from Google. And Pixel 7 and Pixel 7 Pro users will receive at least five years of security updates2, so your Pixel gets even more secure over time. Your protection, built into PixelYour digital life and most sensitive information lives on your phone: financial information, passwords, personal data, photos – you name it. With Google Tensor G2 and our custom Titan M2 security chip, Pixel 7 and Pixel 7 Pro have multiple layers of hardware security to help keep you and your personal information safe. We take a comprehensive, end-to-end approach to security with verifiable protections at each layer - the network, application, operating system and multiple layers on the silicon itself. If you use Pixel for your business, this approach helps protect your company data, too.  Google Tensor G2 is Pixel's newest powerful processor custom built with Google AI, and makes Pixel 7 faster, more efficient and secure3. Every aspect of Tensor G2 was designed to improve Pixel's performance and efficiency for great battery life, amazing photos and videos. Tensor's built-in security core works with our Titan M2 security chip to keep your personal information, PINs and passwords safe. Titan family chips are also used to protect Google Cloud data centers and Chromebooks, so the same hardware that protects Google servers also secures your sensitive information stored on Pixel. And, in a first for Google, Titan M2 hardware has now been certified under Common Criteria PP0084: the international gold standard for hardware security components also used for identity, SIM cards, and bankcard security chips. |
Spam Malware Vulnerability Guideline Industrial | APT 40 | |
 |
2022-08-30 16:00:43 | Watering Hole Attacks Push ScanBox Keylogger (lien direct) | Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. | Industrial | APT 40 | |
 |
2022-07-26 06:00:00 | L'équipe rouge mandiante émule les tactiques FIN11 pour contrôler les serveurs de technologie opérationnelle Mandiant Red Team Emulates FIN11 Tactics To Control Operational Technology Servers (lien direct) |
Au cours des deux dernières années, les incidents de ransomwares ont eu un impact sur des milliers d'organisations d'infrastructure industrielles et critiques.Dans certains cas, Mandiant a observé comment ces intrusions perturbent les chaînes de production industrielles et les flux de travail opérationnels comme méthode pour inciter le paiement des rançons.Bien que dans la plupart des cas, les victimes aient subi des dommages-intérêts exclusivement limités aux systèmes d'entreprise, cela ne signifie pas que les systèmes de technologie opérationnelle (OT) ne sont pas à risque.
La nature de la technologie OT et les défis de la défense signifie que de nombreux réseaux OT ont Sécurité Gaps que
During the last couple of years, ransomware incidents have impacted thousands of industrial and critical infrastructure organizations. In some cases, Mandiant has observed how these intrusions disrupt industrial production chains and operational workflows as a method to incentivize the payment of ransoms. Although in most cases victims have suffered damages exclusively restricted to enterprise systems, this does not mean that operational technology (OT) systems are not at risk. The nature of OT technology and the challenges of defending it means that many OT networks have security gaps that |
Ransomware Industrial | ★★★ | |
 |
2022-06-30 13:49:56 | China lured graduate jobseekers into digital espionage (lien direct) | Student translators were targeted by front company for Beijing-backed hacking group APT40. | Industrial | APT 40 | |
|
2022-04-13 15:30:00 | Inconstruire: les nouveaux outils de cyberattaques parrainés par l'État ciblent plusieurs systèmes de contrôle industriel INCONTROLLER: New State-Sponsored Cyber Attack Tools Target Multiple Industrial Control Systems (lien direct) |
Au début de 2022, Mandiant, en partenariat avec Schneider Electric, a analysé un ensemble de nouveaux outils d'attaque orientés vers le système de contrôle industriel (ICS) - que nous appelons Inconstroller (aka PipeDream) - construit aux dispositifs d'automatisation des machines cibles.Les outils peuvent interagir avec des équipements industriels spécifiques intégrés dans différents types de machines exploitées dans plusieurs industries.Bien que le ciblage de tout environnement opérationnel utilisant cet ensemble d'outils ne soit pas clair, le malware pose un risque critique pour les organisations tirant parti de l'équipement ciblé.Inconstroller est très probablement parrainé par l'État et contient
In early 2022, Mandiant, in partnership with Schneider Electric, analyzed a set of novel industrial control system (ICS)-oriented attack tools-which we call INCONTROLLER (aka PIPEDREAM)-built to target machine automation devices. The tools can interact with specific industrial equipment embedded in different types of machinery leveraged across multiple industries. While the targeting of any operational environments using this toolset is unclear, the malware poses a critical risk to organizations leveraging the targeted equipment. INCONTROLLER is very likely state sponsored and contains |
Malware Tool Industrial | ★★★★ | |
|
2022-04-11 10:00:00 | Sécurité proactive pour la technologie opérationnelle et les infrastructures critiques Proactive Security for Operational Technology and Critical Infrastructure (lien direct) |
technologie opérationnelle (OT) et systèmes de contrôle industriel (ICS) ont longtemps été utilisés dans les environnements industriels pour surveilleret automatiser les processus physiques et les opérations critiques de mission.Ces systèmes constituent les éléments fondamentaux de certaines de nos infrastructures les plus critiques et soutiennent les fonctions sociétales essentielles, telles que la production d'électricité, le traitement des eaux usées, les transports publics, la fabrication industrielle, l'extraction des ressources, le pétrole et le gaz et les télécommunications.
La dernière décennie a connu une augmentation progressive de la motivation mondiale de l'acteur de cyber-menace pour cibler l'OT à usage spécial
Operational Technology (OT) and Industrial Control Systems (ICS) have long been used in industrial environments to monitor and automate physical processes and mission-critical operations. These systems form the foundational building blocks for some of our most critical infrastructure and support essential societal functions, such as power generation, wastewater treatment, public transportation, industrial manufacturing, resource mining, oil and gas, and telecommunications. The last decade has seen a gradual uptick in global cyber threat actor motivation for targeting special-purpose OT |
Threat Industrial | ★★★ | |
|
2022-01-31 15:00:00 | 1 sur 7 OT Ransomware Extorsion Attaque de fuite Critique Informations sur la technologie opérationnelle 1 in 7 OT Ransomware Extortion Attacks Leak Critical Operational Technology Information (lien direct) |
Les fuites de données ont toujours été une préoccupation pour les organisations.L'exposition d'informations sensibles peut entraîner des dommages à la réputation, des sanctions légales, une perte de propriété intellectuelle et même un impact sur la confidentialité des employés et des clients.Cependant, il y a peu de recherches sur les défis posés aux organisations industrielles lorsque les acteurs de la menace divulguent des détails sensibles sur leur sécurité, la production, les opérations ou la technologie.
En 2021, Mandiant Threat Intelligence a continué à observer les opérateurs de ransomwares tentant d'extorquer des milliers de victimes en divulguant des téraoctets de volés
Data leaks have always been a concern for organizations. The exposure of sensitive information can result in damage to reputation, legal penalties, loss of intellectual property, and even impact the privacy of employees and customers. However, there is little research about the challenges posed to industrial organizations when threat actors disclose sensitive details about their OT security, production, operations, or technology. In 2021, Mandiant Threat Intelligence continued observing ransomware operators attempting to extort thousands of victims by disclosing terabytes of stolen |
Ransomware Threat Industrial | ★★★ | |
|
2021-11-18 12:00:00 | Présentation du cadre de criminalistique numérique et de réponse aux incidents de Mandiant \\ pour les systèmes OT intégrés Introducing Mandiant\\'s Digital Forensics and Incident Response Framework for Embedded OT Systems (lien direct) |
La collecte et l'analyse des données médico-légales sont un composant central du processus de réponse de l'incident.Ce processus est central pour déterminer l'existence et la portée subséquente d'un compromis, les outils utilisés par les adversaires et leurs capacités.Cependant, l'obtention des données de criminalistique numérique et de réponse aux incidents (DFIR) n'est pas toujours une tâche simple, en particulier lorsque des systèmes de technologie opérationnelle (OT) sont impliqués.
Les réseaux OT comprennent souvent une variété de produits peu communs et parfois obscurs qui exploitent régulièrement des composants logiciels et de micrologiciels embarqués.Un bon exemple de ceci est en temps réel
Collecting and analyzing forensic data is a core component of the incident response process. This process is central to determining the existence, and subsequent scope of a compromise, the tools used by adversaries, and their capabilities. However, obtaining digital forensics and incident response (DFIR) data is not always a simple task, especially when operational technology (OT) systems are involved. OT networks often include a variety of uncommon and sometimes obscure products that regularly leverage embedded software and firmware components. A good example of this is real-time |
Tool Industrial | ★★★ | |
|
2021-10-27 08:01:01 | Fichier exécutable portable infectant les logiciels malveillants se trouve de plus en plus dans les réseaux OT Portable Executable File Infecting Malware Is Increasingly Found in OT Networks (lien direct) |
Lors de la recherche de fichiers associés à une gamme de fabricants d'équipements d'origine (OT) (OEM), Mandiant Threat Intelligence a découvert un grand nombre de binaires exécutables portables (PE) légitimes affectés par divers types de PEinfecter les logiciels malveillants.Les fichiers infectés incluent les binaires associés aux contrôleurs logiques programmables (PLC), les communications OLE pour le contrôle de processus (OPC), les applications d'interface humaine-machine (HMI) et d'autres fonctions OT prise en charge par des appareils basés sur Windows aux niveaux 2 et 3 du PurdueModèle.
Un PE est un format de fichier développé par Microsoft
While researching files associated with a range of operational technology (OT) original equipment manufacturers (OEM), Mandiant Threat Intelligence uncovered a large number of legitimate portable executable (PE) binaries affected by various types of PE infecting malware. The infected files include binaries associated with programmable logical controllers (PLC), OLE for process control (OPC) communications, human-machine interface (HMI) applications, and other OT functions supported by Windows-based devices at levels 2 and 3 of the Purdue Model. A PE is a file format developed by Microsoft |
Malware Threat Industrial | ★★★ | |
|
2021-08-17 08:01:01 | Mandiant révèle la vulnérabilité critique affectant des millions de dispositifs IoT Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices (lien direct) |
Aujourd'hui, Mandiant a révélé une vulnérabilité critique des risques en coordination avec le Agence de sécurité de la cybersécurité et des infrastructures («CISA») qui affecte des millions de dispositifs IoT qui utilisent les lytek «kalay» réseau.Cette vulnérabilité, découverte par des chercheurs de l'équipe rouge de Mandiant \\, à la fin de 2020, permettrait aux adversaires de compromettre à distance les appareils IoT victime, ce qui a donné la possibilité d'écouter l'audio en direct, de regarder des données vidéo en temps réel et de compromettre les informations d'identification de l'appareil pour plus de nouvellesAttaques basées sur la fonctionnalité du dispositif exposé.Ces autres attaques pourraient inclure des actions qui permettraient
Today, Mandiant disclosed a critical risk vulnerability in coordination with the Cybersecurity and Infrastructure Security Agency (“CISA”) that affects millions of IoT devices that use the ThroughTek “Kalay” network. This vulnerability, discovered by researchers on Mandiant\'s Red Team in late 2020, would enable adversaries to remotely compromise victim IoT devices, resulting in the ability to listen to live audio, watch real time video data, and compromise device credentials for further attacks based on exposed device functionality. These further attacks could include actions that would allow |
Vulnerability Industrial | ★★★ | |
 |
2021-07-23 22:03:21 | Episode 221: Biden Unmasked APT 40. But Does It Matter? (lien direct) | Andrew Sellers, the Chief Technology Officer at QOMPLX joins us to unpack the revelations this week about APT 40, the Chinese group that the US has accused of a string of attacks aimed at stealing sensitive trade secrets. Also: is Salesforce the next SolarWinds | Industrial | APT 40 | |
|
2021-07-21 17:31:16 | Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say (lien direct) | Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change. | Industrial | APT 40 | |
|
2021-07-20 15:00:00 | Anomali Cyber Watch: China Blamed for Microsoft Exchange Attacks, Israeli Cyber Surveillance Companies Help Oppressive Governments, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: China, APT, Espionage, Ransomware, Targeted Campaigns, DLL Side-Loading, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
UK and Allies Accuse China for a Pervasive Pattern of Hacking, Breaching Microsoft Exchange Servers
(published: July 19, 2021)
On July 19th, 2021, the US, the UK, and other global allies jointly accused China in a pattern of aggressive malicious cyber activity. First, they confirmed that Chinese state-backed actors (previously identified under the group name Hafnium) were responsible for gaining access to computer networks around the world via Microsoft Exchange servers. The attacks took place in early 2021, affecting over a quarter of a million servers worldwide. Additionally, APT31 (Judgement Panda) and APT40 (Kryptonite Panda) were attributed to Chinese Ministry of State Security (MSS), The US Department of Justice (DoJ) has indicted four APT40 members, and the Cybersecurity and Infrastructure Security Agency (CISA) shared indicators of compromise of the historic APT40 activity.
Analyst Comment: Network defense-in-depth and adherence to information security best practices can assist organizations in reducing the risk. Pay special attention to the patch and vulnerability management, protecting credentials, and continuing network hygiene and monitoring. When possible, enforce the principle of least privilege, use segmentation and strict access control measures for critical data. Organisations can use Anomali Match to perform real time forensic analysis for tracking such attacks.
MITRE ATT&CK: [MITRE ATT&CK] Drive-by Compromise - T1189 | [MITRE ATT&CK] Exploit Public-Facing Application - T1190 | [MITRE ATT&CK] External Remote Services - T1133 | [MITRE ATT&CK] Server Software Component - T1505 | [MITRE ATT&CK] Exploitation of Remote Services - T1210
Tags: Hafnium, Judgement Panda, APT31, TEMP.Jumper, APT40, Kryptonite Panda, Zirconium, Leviathan, TEMP.Periscope, Microsoft Exchange, CVE-2021-26857, CVE-2021-26855, CVE-2021-27065, CVE-2021-26858, Government, EU, UK, North America, China
NSO’s Spyware Sold to Authoritarian Regimes Used to Target Activists, Politicians and Journalists
(published: July 18, 2021)
Israeli surveillance company NSO Group supposedly sells spyware to vetted governments bodies to fight crime and terrorism. New research discovered NSO’s tools being used against non-criminal actors, pro-democracy activists and journalists investigating corruption, political opponents and government critics, diplomats, etc. In some cases, the timeline of this surveillance coincided with journalists' arrests and even murders. The main penetration tool used by NSO is malware Pegasus that targets both iPho |
Ransomware Malware Tool Vulnerability Threat Studies Guideline Industrial | APT 41 APT 40 APT 28 APT 31 | |
 |
2021-07-19 20:36:16 | US DoJ indicts four members of China-linked APT40 cyberespionage group (lien direct) | US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and 2018. The U.S. Justice Department (DoJ) indicted four members of the China-linked cyber espionage group APT40 (aka TEMP.Periscope, TEMP.Jumper, and Leviathan) for hacking tens of government organizations, private businesses and universities around the world between 2011 and 2018. […] | Industrial | APT 40 | |
|
2021-07-19 13:44:03 | U.S., Allies Officially Accuse China of Microsoft Exchange Attacks (lien direct) | U.S. Charges Four Alleged Members of Chinese Hacking Group APT40 The United States and its allies have officially attributed the Microsoft Exchange server attacks disclosed in early March to hackers affiliated with the Chinese government. | Industrial | APT 40 | |
 |
2021-07-19 10:44:21 | US indicts members of Chinese-backed hacking group APT40 (lien direct) | Today, the US Department of Justice (DOJ) indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018. [...] | Industrial | APT 40 | |
|
2021-05-25 09:00:00 | Crimes d'opportunité: augmentation de la fréquence des compromis sur la technologie opérationnelle à faible sophistication Crimes of Opportunity: Increasing Frequency of Low Sophistication Operational Technology Compromises (lien direct) |
Les attaques contre les processus de contrôle soutenues par la technologie opérationnelle (OT) sont souvent perçues comme nécessairement complexes.En effet, perturber ou modifier un processus de contrôle pour provoquer un effet prévisible est souvent assez difficile et peut nécessiter beaucoup de temps et de ressources.Cependant, Maniant Threat Intelligence a observé des attaques plus simples, où les acteurs ayant différents niveaux de compétences et de ressources utilisent des outils et des techniques informatiques communs pour accéder et interagir avec les systèmes OT exposés.
L'activité n'est généralement pas sophistiquée et n'est normalement pas ciblée contre des organisations spécifiques
Attacks on control processes supported by operational technology (OT) are often perceived as necessarily complex. This is because disrupting or modifying a control process to cause a predictable effect is often quite difficult and can require a lot of time and resources. However, Mandiant Threat Intelligence has observed simpler attacks, where actors with varying levels of skill and resources use common IT tools and techniques to gain access to and interact with exposed OT systems. The activity is typically not sophisticated and is normally not targeted against specific organizations |
Tool Threat Industrial | ★★★ | |
|
2021-04-13 10:00:00 | Piratage de la technologie opérationnelle pour la défense: leçons apprises de l'infrastructure de contrôle des compteurs intelligents en équipe d'OT Red Hacking Operational Technology for Defense: Lessons Learned From OT Red Teaming Smart Meter Control Infrastructure (lien direct) |
Les incidents de sécurité très médiatisés au cours de la dernière décennie ont apporté un examen minutieux à la cybersécurité pour la technologie opérationnelle (OT).Cependant, il existe une perception continue entre les organisations d'infrastructures critiques que les réseaux OT sont isolés de réseaux publics tels que Internet.Dans l'expérience de mandiant, le concept d'un \\ 'Air Gap \' séparant les actifs des réseaux externes est rarement vrai dans la pratique.
En 2018, nous avons publié un article de blog présentant les outils et techniques qui Temp.veles utilisé pendant l'incident de Triton pour traverser un compromis externe des informations
High-profile security incidents in the past decade have brought increased scrutiny to cyber security for operational technology (OT). However, there is a continued perception across critical infrastructure organizations that OT networks are isolated from public networks-such as the Internet. In Mandiant\'s experience, the concept of an \'air gap\' separating OT assets from external networks rarely holds true in practice. In 2018, we released a blog post presenting the tools and techniques that TEMP.Veles used during the TRITON incident to traverse from an external compromise of the information |
Tool Industrial | ★★★★ | |
|
2021-02-17 13:00:00 | Briller une lumière sur la solarcité: exploitation pratique du dispositif X2E IoT (deuxième partie) Shining a Light on SolarCity: Practical Exploitation of the X2e IoT Device (Part Two) (lien direct) |
Dans cet article, nous continuons notre analyse du Solarcity ConnectPort X2E Appareil ZigBee (appelé tous les appareils X2E).Dans partie un , nous avons discuté du x2e à un niveau élevé, effectué des attaques initiales basées sur le réseau, puis a discuté des techniques matérielles utilisées pour obtenir un shell distant sur le périphérique X2E en tant qu'utilisateur système non priviaire.Dans ce segment, nous couvrons comment nous avons obtenu une coquille privilégiée sur l'appareil localement en utilisant des attaques de glitch, et explorer CVE-2020-12878 , une vulnérabilité que nous avons découverte qui a permis une escalade de privilège à distance à l'utilisateur root .Combiné avec cve-2020-9306
In this post, we continue our analysis of the SolarCity ConnectPort X2e Zigbee device (referred to throughout as X2e device). In Part One, we discussed the X2e at a high level, performed initial network-based attacks, then discussed the hardware techniques used to gain a remote shell on the X2e device as a non-privileged system user. In this segment, we\'ll cover how we obtained a privileged shell on the device locally using power glitching attacks, and explore CVE-2020-12878, a vulnerability we discovered that permitted remote privilege escalation to the root user. Combined with CVE-2020-9306 |
Vulnerability Industrial | ★★★★ | |
 |
2020-10-07 18:31:39 | Amazon Wants to \'Win at Games.\' So Why Hasn\'t It? (lien direct) | After brute-forcing its way to dominance in so many industries, the tech leviathan may finally have met its match. | Industrial | APT 40 | |
|
2020-10-04 09:35:41 | Security Affairs newsletter Round 284 (lien direct) | A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Apple addresses four vulnerabilities in macOS Google removes 17 Joker -infected apps from the Play Store Microsoft took down 18 Azure AD apps used by Chinese Gadolinium APT Mount Locker […] | Industrial | APT 40 | |
|
2020-09-29 08:01:01 | Dans la poursuite d'une visualisation Gestalt: fusion de l'agent à mitre ATT & CK & Reg;Pour l'entreprise et les CI, communiquer les comportements adversaires In Pursuit of a Gestalt Visualization: Merging MITRE ATT&CK® for Enterprise and ICS to Communicate Adversary Behaviors (lien direct) |
mise à jour (10 décembre): Ce message a été mis à jour pour refléter les modifications de la matrice de mitre ATT & amp; CK pour l'entreprise, qui comprend désormais des tactiques supplémentaires.
Comprendre les menaces de plus en plus complexes auxquelles sont confrontés les organisations d'infrastructures industrielles et critiques n'est pas une tâche simple.Alors que les acteurs de menaces très qualifiés continuent de se renseigner sur les nuances uniques de la technologie opérationnelle (OT) et les systèmes de contrôle industriel (CI), nous observons de plus en plus les attaquants explorant une diversité de méthodes pour atteindre leurs objectifs.Les défenseurs sont confrontés au défi de l'analyse systématique des informations de ces incidents
Update (Dec. 10): This post has been updated to reflect changes in MITRE ATT&CK Matrix for Enterprise, which now includes additional tactics. Understanding the increasingly complex threats faced by industrial and critical infrastructure organizations is not a simple task. As high-skilled threat actors continue to learn about the unique nuances of operational technology (OT) and industrial control systems (ICS), we increasingly observe attackers exploring a diversity of methods to reach their goals. Defenders face the challenge of systematically analyzing information from these incidents |
Threat Industrial | ★★★ |
To see everything:
Our RSS (filtrered)
